Description of folder permissions¶
Folders have permission mapping capabilities, which can map the permissions of users/groups in this folder to subfolders, workspaces and resources under it.
If the user/group is Folder Admin role in this folder, it is still Folder Admin role when mapped to a subfolder, and Workspace Admin is mapped to the workspace under it; If a Namespace is bound in Workspace and Folder -> Resource Group , the user/group is also a Namespace Admin after mapping.
Note
The permission mapping capability of folders will not be applied to shared resources, because sharing is to share the use permissions of the cluster to multiple workspaces, rather than assigning management permissions to workspaces, so permission inheritance and role mapping will not be implemented.
Use cases¶
Folders have hierarchical capabilities, so when folders are mapped to departments/suppliers/projects in the enterprise,
- If a user/group has administrative authority (Admin) in the first-level department, the second-level, third-level, and fourth-level departments or projects under it also have administrative authority;
- If a user/group has access rights (Editor) in the first-level department, the second-, third-, and fourth-level departments or projects under it also have access rights;
- If a user/group has read-only permission (Viewer) in the first-level department, the second-level, third-level, and fourth-level departments or projects under it also have read-only permission.
Objects | Actions | Folder Admin | Folder Editor | Folder Viewer |
---|---|---|---|---|
on the folder itself | view | ✓ | ✓ | ✓ |
Authorization | ✓ | ✗ | ✗ | |
Modify Alias | ✓ | ✗ | ✗ | |
To Subfolder | Create | ✓ | ✗ | ✗ |
View | ✓ | ✓ | ✓ | |
Authorization | ✓ | ✗ | ✗ | |
Modify Alias | ✓ | ✗ | ✗ | |
workspace under it | create | ✓ | ✗ | ✗ |
View | ✓ | ✓ | ✓ | |
Authorization | ✓ | ✗ | ✗ | |
Modify Alias | ✓ | ✗ | ✗ | |
Workspace under it - Resource Group | View | ✓ | ✓ | ✓ |
resource binding | ✓ | ✗ | ✗ | |
unbind | ✓ | ✗ | ✗ | |
Workspaces under it - Shared Resources | View | ✓ | ✓ | ✓ |
New share | ✓ | ✗ | ✗ | |
Unshare | ✓ | ✗ | ✗ | |
Resource Quota | ✓ | ✗ | ✗ |